mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00

* call-scd.c (atfork_cb): New.

(start_scd): Make sure secmem gets cleared.
* query.c  (atfork_cb): New.
(start_pinentry): Make sure secmem gets cleared.
Werner Koch 2004-01-24 20:50:49 +00:00
parent af41684669
commit 203e1cc272
3 changed files with 34 additions and 6 deletions


@ -1,3 +1,10 @@
2004-01-24 Werner Koch <wk@gnupg.org>
* call-scd.c (atfork_cb): New.
(start_scd): Make sure secmem gets cleared.
* query.c (atfork_cb): New.
(start_pinentry): Make sure secmem gets cleared.
2004-01-16 Werner Koch <wk@gnupg.org> 2004-01-16 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Now return an error code so * findkey.c (agent_key_from_file): Now return an error code so


@ -152,6 +152,16 @@ unlock_scd (int rc)
return rc; return rc;
} }
/* To make sure we leave no secrets in our image after forking of the
scdaemon, we use this callback. */
static void
atfork_cb (void *opaque, int where)
{
if (!where)
gcry_control (GCRYCTL_TERM_SECMEM);
}
/* Fork off the SCdaemon if this has not already been done */ /* Fork off the SCdaemon if this has not already been done */
static int static int
start_scd (void) start_scd (void)
@ -206,9 +216,9 @@ start_scd (void)
} }
no_close_list[i] = -1; no_close_list[i] = -1;
/* connect to the pinentry and perform initial handshaking */ /* Connect to the pinentry and perform initial handshaking */
rc = assuan_pipe_connect (&ctx, opt.scdaemon_program, (char**)argv, rc = assuan_pipe_connect2 (&ctx, opt.scdaemon_program, (char**)argv,
no_close_list); no_close_list, atfork_cb, NULL);
if (rc) if (rc)
{ {
log_error ("can't connect to the SCdaemon: %s\n", log_error ("can't connect to the SCdaemon: %s\n",
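Review bot: The comment on atfork_cb says no secrets are left in the image after forking, but the callback only runs `gcry_control (GCRYCTL_TERM_SECMEM)`, which clears libgcrypt's secure memory and nothing else; the same wording is added to query.c. Whether the agent keeps every passphrase and key in secmem cannot be seen from these hunks, so I would narrow the comment to the guarantee actually given, e.g. `/* Clear libgcrypt's secure memory in the forked child; data held outside secmem is not wiped. */`. In the second hunk the re-capitalised comment still says "Connect to the pinentry" although the call starts `opt.scdaemon_program`; `/* Connect to the SCdaemon and perform initial handshaking */` would match the code. start_scd begins and ends outside the hunks.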


@ -78,6 +78,17 @@ unlock_pinentry (int rc)
return rc; return rc;
} }
/* To make sure we leave no secrets in our image after forking of the
pinentry, we use this callback. */
static void
atfork_cb (void *opaque, int where)
{
if (!where)
gcry_control (GCRYCTL_TERM_SECMEM);
}
/* Fork off the pin entry if this has not already been done. Note, /* Fork off the pin entry if this has not already been done. Note,
that this function must always be used to aquire the lock for the that this function must always be used to aquire the lock for the
pinentry - we will serialize _all_ pinentry calls. pinentry - we will serialize _all_ pinentry calls.
@ -139,9 +150,9 @@ start_pinentry (CTRL ctrl)
} }
no_close_list[i] = -1; no_close_list[i] = -1;
/* connect to the pinentry and perform initial handshaking */ /* Connect to the pinentry and perform initial handshaking */
rc = assuan_pipe_connect (&ctx, opt.pinentry_program, (char**)argv, rc = assuan_pipe_connect2 (&ctx, opt.pinentry_program, (char**)argv,
no_close_list); no_close_list, atfork_cb, NULL);
if (rc) if (rc)
{ {
log_error ("can't connect to the PIN entry module: %s\n", log_error ("can't connect to the PIN entry module: %s\n",
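Review bot: atfork_cb acts only when `where` is 0 and never uses `opaque`, and neither is explained, so a reader of query.c cannot tell at which point of the fork the secure memory is cleared; the copy in call-scd.c has the same gap. I would add to the comment something like `WHERE is expected to be 0 when libassuan calls us in the child right after the fork (confirm against assuan_pipe_connect2); OPAQUE is unused.` Since the two static functions are identical, a single shared helper would keep the two paths from drifting apart. start_pinentry continues outside the hunk.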